Integrations portfolio

You’ve invested in technology that’s right for your environment. We make it work harder. Here are the products we have integrations with and we’re continually adding to the list.

1Password logo

1Password

1Password

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Amazon Web Services (AWS) logo

Amazon GuardDuty

Amazon

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Trend Micro logo

Apex One

Trend Micro

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Cisco logo

ASA

Cisco

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM
Splunk Enterprise Security
Sumo Logic

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Auth0 by Okta logo

Auth0

Okta

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Check Point logo

AV, Anti-Bot, and IPS

Check Point

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM
Splunk
Sumo Logic

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Amazon Web Services (AWS) logo

AWS CloudTrail

Amazon

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Azure Kubernetes Service Icon

Azure Kubernetes Service (AKS)

Microsoft

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Microsoft logo

Azure Monitor activity log

Microsoft

Formerly Activity Log

Operational capabilities

Data Ingestion

Expel services

MDR

Threat Hunting

Microsoft logo

Azure Monitor log analytics

Microsoft

Formerly Azure Log Analytics

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Box logo

Box

Box

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Netskope logo

Cloud Access Security Broker (CASB)

Netskope

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Sumo Logic logo

Cloud SIEM

Sumo Logic

Formerly Sumo Logic Cloud SIEM Enterprise, JASK

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Palo Alto Networks logo

Cortex XDR

Palo Alto Networks

Ingestion methods

Direct API

Supported versions

XDR Pro

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Cylance logo

CylanceENDPOINT

Blackberry

Formerly CylancePROTECT AV

Ingestion methods

Direct API

via SIEM

SIEM sources

Sumo Logic

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Datadog logo

Datadog

Datadog

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Varonis logo

DatAlert

Varonis

Ingestion methods

Direct API

via SIEM

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Microsoft logo

Defender for Cloud Apps

Microsoft

Formerly Microsoft Cloud Application Security

Ingestion methods

Direct API

Supported versions

Defender for Cloud Apps
Defender for Identity

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Microsoft logo

Defender for Endpoint

Microsoft

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Dropbox logo

Dropbox

Dropbox

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Duo logo

Duo

Cisco

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Cybereason logo

EDR/XDR

Cybereason

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Amazon Elastic Kubernetes Service icon

Elastic Kubernetes Service (EKS)

Amazon

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Elastic logo

Elastic Security

Elastic

Formerly Endgame

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Elastic logo

Elasticsearch

Elastic

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Trellix logo

Endpoint Security (HX)

Trellix

Formerly FireEye HX

Ingestion methods

Direct API

Supported versions

Trellix HX 3.6+
Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Microsoft logo

Entra ID Protection

Microsoft

Formerly Azure AD Identity Protect

Ingestion methods

Direct API

Supported versions

Azure AD Identity Protection (through Microsoft Graph API)
MCAS Sentinel

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Crowdstrike logo

Falcon

Crowdstrike

Ingestion methods

Direct API

Supported versions

Falcon Elite
Falcon Enterprise
Falcon Complete

Operational capabilities

Data Ingestion

Investigative Access

Response Actions

Expel services

MDR

Check out the Setup guide in our help center.

Crowdstrike logo

Falcon Data Replicator

Crowdstrike

Ingestion methods

via SIEM

SIEM sources

Sumo Logic

Operational capabilities

Data Ingestion

Expel services

Threat Hunting

Crowdstrike logo

Falcon Identity Protection

Crowdstrike

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Cisco logo

Firepower

Cisco

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM
Microsoft Sentinel
Splunk Enterprise Security
Sumo Logic

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Fortinet logo

FortiAnalyzer

Fortinet

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Fortinet logo

FortiGate

Fortinet

Ingestion methods

via SIEM

SIEM sources

Microsoft Sentinel
Exabeam Fusion New-Scale SIEM
Securonix Unified Defense SIEM
Sumo Logic
Splunk Enterprise Security

Operational capabilities

Data Ingestion

Expel services

MDR

GitHub logo

GitHub

GitHub

Ingestion methods

Direct API

via SIEM

SIEM sources

AWS S3

Supported versions

GitHub Enterprise
Cloud
On-prem

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

GitLab logo

GitLab

GitLab

Ingestion methods

Direct API

Supported versions

GitLab SaaS
Cloud
On-prem

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Google Cloud logo

Google Cloud Platform (GCP)

Google Cloud

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Google Kubernetes Engine icon

Google Kubernetes Engine (GKE)

Google Cloud

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Akamai logo

Guardicore Segmentation

Akamai

Formerly Guardicore

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Cyberark logo

Identity

CyberArk

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

McAfee logo

IDS

McAfee

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Thales logo

Imperva WAF

Thales

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Proofpoint logo

Insider Threat Management

Proofpoint

Ingestion methods

via SIEM

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Rapid7 logo

InsightVM

Rapid7

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

Vulnerability Prioritization

Microsoft Intune logo

Intune

Microsoft

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Jira Software logo

Jira

Atlassian

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Check out the Setup guide in our help center.

LastPass logo

LastPass

LastPass

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Logz.io logo

Logz.io

Logz.io

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Cisco logo

Meraki

Cisco

Ingestion methods

Direct API

via SIEM

SIEM sources

Splunk Enterprise Security
Sumo Logic

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Microsoft 365 logo

Microsoft 365

Microsoft

Formerly Office 365

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Verizon logo

Network Detection and Response

Verizon

Formerly ProtectWise

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Palo Alto Networks logo

Next Gen Firewall

Palo Alto Networks

Ingestion methods

via SIEM

SIEM sources

Devo
Splunk Enterprise Security
Sumo Logic

Supported versions

Version 6+

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Netskope logo

Next Gen SWG

Netskope

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Fastly logo

Next-Gen WAF

Fastly

Formerly Signal Sciences WAF

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

OneLogin by One Identity logo

OneLogin

One Identity

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Threat Hunting

OpsGenie logo

OpsGenie

Atlassian

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Check out the Setup guide in our help center.

Orca Security logo

Orca Security

Orca Security

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

PagerDuty logo

PagerDuty

PagerDuty

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Check out the Setup guide in our help center.

Palo Alto Networks logo

Panorama

Palo Alto Networks

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Ping Identity logo

Ping One for Workforce

Ping Identity

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Lacework logo

Polygraph

Lacework

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Darktrace logo

Prevent / Detect

DarkTrace

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Palo Alto Networks logo

Prisma Access

Palo Alto Networks

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Palo Alto Networks logo

Prisma Cloud Compute

Palo Alto Networks

Formerly Twistlock

Ingestion methods

Direct API

Supported versions

Prisma Cloud Compute (self-hosted)
Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Cyberark logo

Privileged Access (PAM)

CyberArk

Ingestion methods

via SIEM

SIEM sources

Splunk Enterprise Security

Operational capabilities

Data Ingestion

IBM QRadar logo

QRadar SIEM

IBM

Ingestion methods

Direct API

Supported versions

QRadar on Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Open Source logo

Request Tracker for Incident Response

(Open Source)

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Check out the Setup guide in our help center.

ExtraHop logo

Reveal(x) Enterprise

ExtraHop

Ingestion methods

Direct API

Supported versions

On-prem

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Palo Alto Networks logo

SaaS Security

Palo Alto Networks

Formerly Prisma SaaS

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

iboss logo

Secure Access Service Edge (SASE)

iboss

Ingestion methods

via SIEM

SIEM sources

Splunk Enterprise Security

Operational capabilities

Data Ingestion

Expel services

MDR

Cisco logo

Secure Endpoint

Cisco

Formerly AMP for Endpoints

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Zscaler logo

Secure Internet Access (ZIA)

Zscaler

Ingestion methods

via SIEM

SIEM sources

Microsoft Sentinel
Splunk Enterprise Security
Sumo Logic

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Exabeam logo

Security Analytics

Exabeam

Formerly Advanced Analytics

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Google Cloud logo

Security Command Center Event Threat Detection

Google Cloud

Formerly Event Threat Detection

Operational capabilities

Data Ingestion

Expel services

MDR

Microsoft logo

Sentinel

Microsoft

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

SentinelOne logo

SentinelOne

SentinelOne

Ingestion methods

Direct API

Supported versions

Iguazu and later

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

ServiceNow logo

ServiceNow ITSM

ServiceNow

Ingestion methods

Direct API

Operational capabilities

Investigative Access

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Salesforce logo

Shield

Salesforce

Ingestion methods

Direct API

Supported versions

Salesforce Shield or real-time monitoring

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

SentinelOne logo

Singularity Hologram

SentinelOne

Formerly Attivo BOTSink

Ingestion methods

via SIEM

SIEM sources

Splunk Enterprise Security
Sumo Logic

Supported versions

BOTsink

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Slack logo

Slack Enterprise Grid

Slack

Ingestion methods

Direct API

Supported versions

Slack Enterprise Grid

Operational capabilities

Data Ingestion

Investigative Access

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Check out the Setup guide in our help center.

Snowflake logo

Snowflake

Snowflake

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Splunk logo

Splunk Enterprise (Core)

Splunk

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Splunk logo

Splunk Enterprise Security

Splunk

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Splunk logo

Splunk On-Call

Splunk On-Call

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Vulnerability Prioritization

Threat Hunting

Check out the Setup guide in our help center.

Striven logo

Striven

Striven

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Vulnerability Prioritization

Threat Hunting

Check out the Setup guide in our help center.

Broadcom logo

Symantec Endpoint Protection

Broadcom

Formerly Symantec Endpoint Protection Enterprise

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM
Splunk Enterprise Security
Sumo Logic

Supported versions

Endpoint Protection versions 11 to 14

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Proofpoint logo

TAP

Proofpoint

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

Phishing

Microsoft Teams logo

Teams

Microsoft

Ingestion methods

Direct API

Operational capabilities

Response Actions

Expel services

MDR

Phishing

Threat Hunting

Vulnerability Prioritization

Check out the Setup guide in our help center.

Cisco logo

Umbrella

Cisco

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

VMware logo

VMware Carbon Black Cloud

Broadcom

Formerly CB ThreatHunter / CB Defense

Ingestion methods

Direct API

Supported versions

Enterprise Standard
Enterprise EDR

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

VMware logo

VMware Carbon Black Endpoint

Broadcom

Formerly CB Response

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Tenable logo

Vulnerability Management

Tenable

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Cloudflare logo

WAF

Cloudflare

Operational capabilities

Data Ingestion

Check out the Setup guide in our help center.

Forcepoint logo

Web Filter

Forcepoint

Ingestion methods

via SIEM

SIEM sources

Exabeam Fusion New-Scale SIEM

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Wiz logo

Wiz

Wiz

Ingestion methods

Direct API

Supported versions

Wiz Advanced Tier
CIEM
CNAPP
DSPM
CSPM / Vulnerability

Operational capabilities

Data Ingestion

Investigative Access

Alert Data Sync

Expel services

MDR

Workday logo

Workday

Workday

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Okta logo

Workforce Identity Cloud

Okta

Ingestion methods

Direct API

via SIEM

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Google logo

Workspace

Google

Formerly G Suite

Ingestion methods

Direct API

Operational capabilities

Data Ingestion

Expel services

MDR

Threat Hunting

Check out the Setup guide in our help center.

Google Cloud logo

Workspace Alert Center

Google Cloud

Formerly Admin Activity

Ingestion methods

Direct API

Supported versions

Cloud Audit Logs OR Security Command Center Sensitive Actions Service

Operational capabilities

Data Ingestion

Expel services

MDR

Check out the Setup guide in our help center.

Tanium logo

XEM Core

Tanium

Ingestion methods

Direct API

Supported versions

Cloud
On-prem

Operational capabilities

Data Ingestion

Investigative Access

Expel services

MDR

Check out the Setup guide in our help center.

Not seeing an integration?

New integrations are being added each month, reach out to discuss our capabilities.